Delivering application software, such as customer relationship management (CRM) applications or various document management tools, has made a dramatic shift towards being provided as a rentable online service delivered over the Internet. Commonly referred to as Software as a Service (SaaS) or more recently as cloud-based services, businesses and individual users are more and more often simply logging in to a light-weight local application or a web browser that taps into a cloud-based platform to deliver the desired functionality. Even applications as common as word processing are moving towards delivery via a cloud-based platform (or at least leveraging cloud-based storage mechanism to assist with collaboration, storage, or workflow). However, cloud-based platforms cannot provide the same level of security as a completely local (e.g., within an organizations private network) application or service platform. Accordingly, organizations are increasingly concerned about data security with the increased use of cloud-based platforms and services.
For example, if a cloud-based storage system is used, the organization must trust the service provider to provide adequate safeguards and security measures to protect sensitive data stored by the provider. This lack of trust and/or controls can create a significant adoption barrier for new services. Service providers must combat this by articulating how secure their service is and attempting to prove it to customers in a myriad of ways (certifications among others).